Palo Alto Networks NG Firewalls Reviews

Almost all of my deployments are regulated to each firewall perimeter or as a data center firewall. The perimeter firewalls are deployed to control the user traffic and establish IPv6 VPN connections between a company's headquarter and its branches. This solution comes with threat prevention and URL filtering licenses for perimeter deployment. For data center deployments, the solution is deployed as a second layer of protection for the network traffic, especially for VLANs. It also prevents lateral movement of network attacks.

Almost all of my deployments in the Middle East are deployed on-prem. There is no acceptance of cloud solutions, especially for government and banking rules.

Palo Alto Networks Next-Generation Firewall comes with full visibility into the network traffic. The administrator of this next-generation firewall can troubleshoot the traffic, network issues, or connectivity issues that busted through the Palo Alto Next-Generation Firewall, then detect whether the problem is from the client side or the server side. This solution helps the administrator to troubleshoot and have their network up and running all of the time.

A feature introduced by Palo Alto with the version 10-OS is embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. Machine learning analyzes the network traffic and detects if there is any usual traffic coming from outside to inside. Because of Palo Alto, organizations detect around 91% of malicious attacks using machine learning. The machine learning helps customers by implementing firewalls in critical and air gap areas so there is no need to integrate with the cloud sandbox. 

I integrate Palo Alto with different Security Information and Event Management (SIEM) solutions as well as Active Directory to control the traffic based on users and integration with the email server to send notifications and look at domain recipients. I also integrate Palo Alto with Duo as a multi-factor authentication, which is easy to integrate. 

They have introduced more security components that can be integrated. We are talking about Cortex XDR and WildFire. These are natively integrated with Palo Alto Networks. These help to predict malicious attacks on the endpoint and network. WildFire is easy to deploy and integrate.

SP3 architecture helps distribute the bucket into different engines. Each engine has their own tasks: the networking engine, the management engine, and application and security. Each one of these tasks is done by a single task or dedicated CPUs and RAM for handling traffic.

I have been using this solution for about four or five years.

They have a stable solution, stable hardware, and stable software since they have released multiple OSs. If there are any issues, they release a new OS. Each month, you will see new batches with a new OS introduced to customers. You can update it easily. 

With Palo Alto Networks, you have a dedicated management plan. Therefore, if you face an issue regarding the management interface, e.g., the GUI and CLI of Palo Alto Networks, if you have any problem on that you can restart it without effects on the data streams.

The technical support team is great. We have no tickets open with Palo Alto. There are distributed tech centers worldwide that do not have Palo Alto employees, but have the capability to solve your problem in an easy way. They help you to close your gaps or pains.

Positive

I am expert with next-gen Firewalls, especially in Fortinet and Palo Alto. I am NSE 4, NSE 7, and PCSAE certified.

Palo Alto has introduced new features in their next-generation firewall, such as SD-WAN. However, the technique of SD-WAN implementation is not easy to understand. It is not easy to deploy at this moment. Maybe, in the future, they can improve the process and how the administrators, partners, or support team can easily deploy this SD-WAN solution on their next-generation firewall. The SD-WAN solution from Fortinet is easy to do. It does not take more than five or 10 minutes. When we talk about Palo Alto, it takes extra effort to implement SD-WAN.

If you are looking for a great firewall that helps you stop attacks as well as giving you visibility with the administration, this firewall is the best choice. You should not look at the price the first time. Instead, you should look into the solution's productivity and return on investment.

There are some differences in regards to the integrations between Palo Alto and other vendors. Palo Alto handles the traffic using Single Pass Parallel Processing (SP3) engines unlike other vendors, like Fortinet, who use ASIC processors to handle the traffic. The SP3 engine is a different, new architecture for next-generation firewalls. The SP3 engine curbs the traffic and makes the decision based on the buckets, then it evaluates the bucket and other features regarding routing. 

SP3 helps the customer when we talk about data sheets and the performance of the administration firewall. We introduce SP3 to show them real numbers. When we talk about Fortinet, they introduce a different performance number for networking and application throughputs. With Palo Alto Networks, the deduplication between the firewall throughput to the full inspection mode throughput is minimal. There is no big difference between the networking throughput and full inspection mode throughput.

I use DNS security from other vendors, not Palo Alto. I have tested Palo Alto with some scripts in regards to exfiltration and about 50% to 70% of exfiltration attacks could be stopped by Palo Alto. This year, Palo Alto has improved its DNS security against data exfiltration attacks. They enhanced the DNS security features with Palo Alto Networks Next-Generation Firewall by introducing a cloud solution. The solution now forwards these DNS requests to the cloud, which can analyze it using machine learning and artificial intelligence to decide if it is legitimate traffic or not.

The integration is based on the customer environment and what they need. Enterprise customers have some regulations and compliance so they need to send all their logs to the same solutions. We can integrate it using a syslog protocol over UDP. So, it is easy to integrate Palo Alto with some solutions. However, with other Palo Alto technologies or solutions, I integrate them just with WildFire. WildFire is a dedicated solution related to sandboxing and can be deployed on-prem or in the cloud.

The NSS Labs Test Report information has previously helped me to convince customers to buy Palo Alto Networks Next-Generation Firewalls. However, I am now not using the NSS Labs Test Report. Instead, I am using Gartner reports to offer customers Palo Alto Networks Next-Generation Firewalls.

Machine learning on the Palo Alto Networks Next-Generation Firewall was introduced on version 10.

I would rate this solution as nine out of 10.

The solution is more towards the front of the security stack.

We use both AWS and Alibaba Cloud.

The single pass architecture has helped a lot in the implementation and maintenance of Palo Alto Networks. It changed the customer's opinion on UTM platforms. In the past, when customers used UTM platforms, they feared the security features would impact the performance and slow down the network, causing some instability. However, with the single pass architecture, Palo Alto has demonstrated that you can use a lot of the security features without having an impact on the security and network performance. Therefore, most of our customers will dare to use most of Palo Alto Networks' security features.

• Application identification
• Antivirus
• Vulnerability protection
• URL filtering
• SSL VPN
• IPsec VPN

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Most of our customers are busy. They cannot afford the time to learn very complicated user interfaces and configuration procedures. With Palo Alto Networks, they offered a unified user interface for all its NG Firewall products and Panorama. I think it reduces some of our customers' maintenance time. 

Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.

Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features.

I have been using it for eight years, though my company does not use it.

Compared to its competitors, the stability of NG Firewalls is very good. We have faced some strange problems with the hardware platform or operating system. Most of these customer cases come from complicated configs and bugs. However, stability is very good overall.

Scalability is not that good. Palo Alto Networks NG Firewalls product is for middle-sized and small businesses. It has fixed parts and capacities for processing. Some of their higher-end products have the scalability to expand capacities, but only a few customers can afford their larger product.

I would rate it as eight to nine out of 10. Most of the technical engineers, who provide support for our customers, are efficient. There are one or two Tier 1 tech support engineers who often don't have answers.

Palo Alto NGFW’s unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. Before using Palo Alto Networks NG Firewalls, customers might need to implement Layer 4 firewalls, IPS and possibly an antivirus, gateways, and maybe web proxies for all their devices. With Palo Alto NGFW’s unified platform, if a customer can do all the config and security policies on one platform, then this will merge all their security things onto a single platform.

The initial setup is not complex; it is straightforward. Our users only need a cable and some basic steps to configure the management interface. Then, it can set up the NG Firewall and ensure that the network and routing are working as expected in the environment. I think its steps are easier than most of its competitors. The initial setup takes one or two hours.

The full setup time depends on the features, then whether the environment or customer needs are complicated or not.

For our implementation strategy, we talk to our customers and work out documents for all their configs, which includes basic information that we need to know for implementing the firewall. Then, we follow the documents and do the implementation. We also may modify some content of the documents as the project processes.

It needs one or two employees with enough skills to manage and maintain it. They may need to modify firewalls, firewalls security rules, and possibly inspect alerts that are generated from firewalls.

By having a customer operate on a unified platform, they can do the application control, traffic control, threat protection, and URL filtering on a single platform. This effectively reduces the workload on all their networks and security tools.

Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities.

My company uses Cisco Firepower NGFW Firewall, not Palo Alto Networks NG Firewalls. We started our cooperation with Cisco a lot longer than with Palo Alto Networks. We have been working with Cisco to expand their business in China for more than 20 years, which is why the leaders in our company might be choosing Cisco products.  

Most of our customers have been using Palo Alto Networks for a long time and do not want to change to another vendor. The unified user interface is a big benefit for them.

Palo Alto NGFW’s DNS Security is an effective way to detect and block DNS tunneling attacks, because most competitors do not have these techniques to detect the DNS tunneling on a single device. They require maybe a SIM or some analysts. So, this is something quite creative for Palo Alto Networks.

For our customers, I would tell them that Palo Alto Networks NG Firewalls is easy to use, but probably difficult to master. It has a very easy to use interface and configuration utility, but it has a lot of advanced features that need some deep knowledge of the product.

No product can guarantee 100% evasions being blocked, but I think Palo Alto is among the top of the threat inspection vendors. From the NSS Labs Test Report, we can see that Palo Alto Networks always has a top score.

Machine learning in a single firewall is not that accurate or important for our customers. Since it will only see some network traffic, it cannot connect everything together, like endpoints and servers. Therefore, our customers do not value the machine learning techniques on a single firewall very much.

We may review the alerts generated by machine learning modules, then we can see if the alerts are real alerts, not false positives. This may tell us how efficient machine learning is.

Very few customers in China have used the Palo Alto NGFW’s DNS Security module. It is a new feature that was introduced only two years ago. Customers already know what the product can provide in terms of protection. Its DNS Security provides something that is not really easy to understand. Also, it increases the cost of the firewall because it requires another license to be implemented, and the cost is not low.

DNS Security is very impressive, and I think it will be an efficient way to block the rapidly changing threat landscape and maybe Zero-day attack methods.

Biggest lesson learnt: If you want to protect something, you need to gain visibility of the entire network. NG Firewalls provides a deep visibility into network traffic.

I would rate Palo Alto Networks NG Firewalls as nine out of 10.

We are managing services for our customers. I am mostly dedicated to Palo Alto.

I have had a very good experience with Palo Alto firewalls and Panorama. We have used Palo Alto firewalls for multiple use cases. We have used them at the perimeter as well as in the data center. I have experience in 5000 series, 7000 series, and 3000 series. I have worked with most of them.

We are able to meet 99% of the requirements of our customers. It is a good solution to have in the data center as well as at the perimeter.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities.

Machine learning as well as AI have been added. About 99% of new malware or signatures can be blocked with machine learning and AI. Rather than sending these new signatures to a verifier, they are automatically blocked by leveraging machine learning and AI.

Palo Alto has different types of series. They have 800, 400, and 200 series for small branches, and then they have 1000 series for smaller branches. For a data center, they have the 3000 series and 5000 series. For big ISPs, they have 7000 series where we can also do virtualization. We can have separation and even multi-tenancy at the core level, which is something amazing. Also, we can share policies, objects, and virtual systems. That helps the network infrastructure security engineer to achieve their use cases. It provides a fast and amazing experience.

There is a reduction in downtime because it is a stable firewall. It helps our customers to have a stable network. Most of our customers have high availability. If the customers configure it well, they will have a good experience. They will not have any data loss.

It has a very good user interface. The documentation is also very good. It is very useful for monitoring things.

The integration with RADIUS, LDAP, and other servers also works very well. API integration is also very nice. The way security policies can be configured is also amazing. The Quality of Service can also be achieved. All these things are nice.

Palo Alto is a leader in the market when it comes to performance, virtualization, and the cloud platform. It is working well. In my opinion, nothing can be added at this time. However, when it comes to the cost, Palo Alto firewalls are the most expensive.

I have been working with this solution for about seven years.

It is stable. Almost everything is fine.

It is fairly scalable. Especially when you have a firewall as a service, scalability is good. Even if it is a physical firewall, a customer can simply do a tech refresh.

Their technical support is good, but they take time. Most of the time, they are occupied. We experience delays in their replies.

Neutral

I have experience with other products such as Cisco ASA, Cisco Firepower, Fortinet FortiGate, and Fortinet FortiManager, but I have mainly worked with Palo Alto firewalls.

The main competitor is Fortinet FortiGate. Palo Alto firewalls provide more control over features and give you more capabilities for control. The administrator has the required visibility to do that. Fortinet seems to have a UTM solution with multiple network and security features comprising Fortinet FortiGate, FortiSwitch, FortiAnalyzer, and FortiManager.

Our customers deploy these firewalls in the cloud as well as on-premises. On-prem, it is straightforward, but on the cloud, you require a different design.

In terms of the implementation strategy, we need to size the firewall in the correct way. For maintenance, there should be a support contract for each and every security solution, especially for the firewalls because they are very critical.

I am not from presales or sales, but as a brand, Palo Alto is more expensive than other firewalls. They have different licenses. As a customer, if you know what you are going to purchase exactly, you will get a good price. The price will vary based on whether you are going for the 7000 series, 5000 series, or 3000 series.

Overall, the price makes sense because you have IoT security, antivirus security, DNS security, anti-spyware, and many other features. They have a solution to implement SASE. So, it is very expandable for new challenges, and the return on investment can be achieved simply.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

I have used it in a couple of different ways. One way was to use it as a perimeter device and to act like a traditional firewall for controlling the traffic in and out of the network and doing intrusion detection. It was more of a filtering-type device for remote access and VPNs. 

At another job, we used it as a site-to-site VPN. We scanned customer applications and code over a site-to-site VPN. These were the two main use cases that I have done over the last eight years with Palo Alto.

It integrates very well with AWS Cloud. We use the VM-Series of Palo Alto firewalls. It is good.

It is very important that Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. That is because it is a very sophisticated environment when you start talking about the cloud and software-defined networking. When you think about that level of complexity, to have somebody like Palo Alto and AWS work together to make the deployment of those devices seamless is an incredible benefit to users.

There are different types of modules to provide defense for customers. It is pretty amazing.

It can secure data centers consistently across all workplaces. It is no secret that Palo Alto has made a large footprint in the industry when it comes to those types of security services. When you talk about the data centers and things like that, Palo Alto scales well. They are doing a great job.

In terms of downtime reduction, downtime is relative. There are many different types of elements that can cause downtime. It could be some type of attack or just a configuration change. However, things like Panorama and high availability embedded in the platform allow for high availability.

The ease of updating the platform was valuable. We could easily update the OS and different modules within the platform. It was a fairly user-friendly and easy-to-use platform. 

We found it to be fairly stable as well. It was largely stable.

Overall, when you consider how sophisticated the appliance or the platform is, they have done a remarkable job. It is probably as good as it can be in terms of being highly sophisticated but having a very small leap to learn the platform and deploy it. I do not have many complaints about the platform.

I have worked with this solution for about eight years.

Palo Alto has a great support ecosystem. I only had one issue with somebody, but we got that addressed. It was just like any industry or business. You are going to have some people who do not want to act right, but overall, they have high-quality support.

I would rate them an eight out of ten. I am a customer, and I am involved in high-pressure situations. I am always going to say that I want a quicker response, but when I am being flat-out honest and reasonable, they are as good as they could possibly be without overstepping.

Positive

We have used Check Point. I did not like Check Point at all. It is very cumbersome, so I definitely would not recommend it. 

I found the Cisco ASA line to be overly complicated for what it needs to be, but that is the history of Cisco. They have very capable devices, but they are definitely not as friendly, in my opinion. I would give a nod to Palo Alto. Palo Alto GUI seems to be a little bit easier to navigate. Cisco devices have always been very capable, but they have a steeper learning curve.

It is fairly simple. It is as simple as it can be to get started.

The number of people required depends on the environment and the type of project that you are doing. If you are designated to deploy it as a perimeter device, you do not need that many people. If you have a situation where it is in the cloud and you have to do a lot of other things to get traffic to the device, configure the interfaces in the cloud, and later create policies and bring everything into Palo Alto, it is a more sophisticated process. You need somebody very knowledgeable about that, or you need multiple people to work that out.

We have had some complex scenarios, but I was fairly knowledgeable about AWS and the firewalls, so I was able to put everything together myself. I did not require any third-party help.

It is a pretty significant return on investment if a device does what it says it will do, and it has a small learning curve and good stability.

I do not have much opinion on that because I have not been involved in the procurement process of the Palo Alto devices with the exception of pay-as-you-go through AWS, but all of this stuff is very expensive, in my opinion.

I will be a little bit pessimistic and rate it a nine out of ten, but I feel that it is a ten.

We started using this solution as a basic firewall, and then, we ended up with URL filtering, IPS, and decryption.

It increased visibility, and we can see things that we couldn't see before and are able to decrypt as well. We can actually see what's going on in our network.

Decryption is one of Palo Alto Networks NG Firewalls' best features because we can decrypt by category. For instance, we can decrypt everything except for bank traffic so that we don't interfere with the passwords and two-factor authentication of those checking their bank accounts at work. We can still monitor for malware and other threats that come through a secure channel. It's seamless for users. The URL filtering and IPS are both great as well.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. WildFire stops a lot of viruses and malware that come in from the outside. In addition, when you decrypt the traffic you'll be able to see a lot that you couldn't before. You can then integrate that into a SIEM and have visibility into all the different things that are going on. Integration with WildFire provides sandboxing and tells you if it's malicious content or not. Then, you can do URL filtering for the endpoints. All of this data goes into the SIEM. Thus, it's a really good, well-integrated software.

This native integration is very important to us because of the cost. When we get an enterprise license and get all these features on one device, we don't have to buy five devices or virtuals or set up a virtual or cloud farm to do the five things that the solution will do automatically, natively out of the box. We have been able to save money because we are able to get rid of our decryption software and are getting close to letting go of our filtering software.

It's important to us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention. This is important because those who exploit us daily use new tactics that are not seen at all times. They employ tactics that use applications that we currently use, such as PowerShell. If a PowerShell script comes in and it's decrypted, launched in WildFire in a sandbox, and blocked, it cuts our threat vector down tremendously.

When we go across all the workspaces, it's simple. The web-facing servers are protected with IPS, and the endpoints are protected with URL filtering in the sandbox and decryption. We log all of the MAC addresses, so we block hackers from getting into different websites when staff use a Wi-Fi connection off-site. In terms of securing data centers consistently across all workspaces, our whole ecosystem depends on having Palo Alto so that we can have one centralized SIEM where all the data is. Our SOC can investigate all the alerts that we get from all of these different areas.

Palo Alto Networks NG Firewalls need better training modules. You have to do a lot of reading prior to watching the training videos, and it's good for people who are really into it. However, often you want to use a video for a TID. You want to see how to do something rather than spend 30 minutes reading and then another 30 minutes watching the class. As a result, I take third-party training classes rather than Palo Alto's training because they are a lot better.

The training should be more accessible because if everybody has to pay for training, it makes it harder for us to get in techs who are qualified to do the work. If there are clear levels and schemes for certification, it would be great.

I've been using this solution for probably five years now.

The firewalls are always on, and we haven't had any stability problems. We haven't even had any hardware failures, and the perishables are great.

The firewall's scalability is nice because you can take a VM and put more memory in it. If you virtualize, then you can scale it out. With an enterprise license, you can load several to get all different points of your internet access. For example, one could do URL filtering just for the desktop, and another one could be an IPS in front of something else.

It's very flexible, and you can use these virtuals to contain all these different situations from an architectural standpoint without having to buy other software.

Palo Alto's technical support is great, and I'd give them a ten out of ten.

Positive

The initial setup is straightforward in the sense that when you put it in it starts doing what it's supposed to do. Then, you have to turn on all the features that you want.

We mainly worked with Palo Alto Networks. They taught us a lot and have been very helpful in getting us onboarded with all of the different features.

We see a return on our investment every day. We have threat hunters who go through the data and tell other state agencies where the problems are or what we were able to stop.

We haven't had a problem with pricing or licensing because we consolidated other software to make Palo Alto more affordable.

If you're just looking for the cheapest and fastest firewall, remember that you'll get what you pay for. Check if the company is able to support its product 24/7. You have to be able to get technical support on the phone at any time of the day or night. In addition, the company has to be able to do training on its firewall, and there has to be a job market for it so that there's an employee pool from which you can pick someone who knows the software. If it's an obscure software company, and they only have two or three people in the country who are certified on it, then it would hurt you a lot because you won't be able to call these two or three people in the middle of the night and expect them to always be there. Palo Alto has a very deep bench, so they can go globally and get you tech support at any time. That's very helpful.

The price is dependent upon how many features you use. If you have a Palo Alto ecosystem where you use Prisma, IPS, URL filtering, and decryption, it's going to be affordable because you will be able to eliminate other software. However, if you're looking to use Palo Alto as just a firewall, it may not help you that much because everybody out there competes to provide a firewall experience.

On a scale from one to ten, I would rate Palo Alto Networks NG Firewalls a ten.

The value I get by attending an RSA Conference is being able to see new up-and-coming software. Some products are new to the market, and others are trying to get their product to market. A lot of times, these products have key features that others don't.

Attending RSAC helps to influence cybersecurity purchases throughout the year because we are able to see a product that we didn't know was available. We learn that there is software that does certain functions that we didn't even know we needed. There are some products at RSAC that may be too expensive, but there are others that we would consider because they are cost-effective and have feature sets that we didn't know about.

We basically use it to protect our network from various malicious activities out there. We have two subscriptions. We have the WildFire subscription, which is similar to DNS filtering. We also have Threat Protection, which allows the firewall to inspect traffic up to Layer 7. It inspects applications as well as unknown applications, quarantining and stopping things. So, you are not always chasing, "What applications should I be running on this device?" It does a good job of all of that. The management of it is a little tricky, but that is how it goes.

We are running the PA-3250s. We have two of them. They operate in Active/Passive mode. Therefore, if one fails, then the other one takes over. 

It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things.

There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex.

The VPN is only available for Windows and Mac iOS environments. We have a variety of iPads, iPhones, and Android stuff that wouldn't be able to utilize the built-in VPN services.

I would like easier management and logging. They can set up some profiles instead of having you create these reports yourself. However, you should be able to set it up to give you alerts on important things faster.

We have had this in place for four years. I have been at the school for almost a year and a half. So, this is my second year here at the school, so my experience with it has probably been a year and change. I use other firewall solutions, but I have gotten pretty comfortable with the Palo Alto solution.

It is very stable. We have never had any issues with any failures on it.

I haven't felt any performance lags on it. It has been handling everything just fine.

We purchased it a few years ago. Since then, we have had a lot more clients on our network, and it has handled all that fine. You go into it and just have to scale it higher. Palo Alto doesn't give you too many choices. There is not a medium; it is either very small or very big. So, you don't have a choice in that.

We have never had to call Palo Alto. Secure Works does all our support maintenance on it.

I have been here for a year and a half. Before, the firewall that they were using (Barracuda) was barely adequate for what we were doing. We got new ones simply, not because we had a software/hardware-type attack, but because we had a social engineering attack where one of the folks who used to work for us went on to do some crazy things. As a result, the reaction was like, "Oh, let's get a new firewall. That should stop these things in the future."

The initial setup was pretty complex because they did not do it themselves. They actually hired some folks who put it in. 

We use Secureworks, which is a big security company. They actually send an alert when there are problems with the firewall or if there are security issues. They handled the deployment. 

We also use another company called Logically to monitor the firewall in addition to all our other devices.

Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time.

I would suggest looking at your needs, because this solution's pricing is very closely tied to that. If you decide that you are going to need support for 1,000 connections, then make sure you have the budget for it. Plan for it, because everything will cost you.

If another school would call and ask me, I would say, "It's not the cheapest. It's very fast, but it's not the cheapest firewall out there."

I have been looking at different firewalls because our service and maintenance contracts are up on it. We have two different outsourced folks who look at the firewall and help us do any configurations. My staff and I lack the knowledge to operate it. For any change that we need to make, we have to call these other folks, and that is just not sustainable.

We are moving away from this solution because of the pricing and costs. Everything costs a lot. We are moving to Meraki MS250s because of their simplicity. They match the industry better. I have called the bigger companies, and Meraki matches the size, then the type of institution that we are.

If someone was looking for the cheapest and fastest firewall product, I would suggest looking at the Meraki products in the educational space. I think that is a better fit.

Its predictive analytics and machine learning for instantly blocking DNS-related attacks is doing a good job. I can't be certain because we also have a content filter on a separate device. Together, they kind of work out how they do DNS filtering. I know that we haven't had any problems with ransomware or software getting installed by forging DNS.

DNS Security for protection against sneakier attack techniques, like DNS tunneling, is good. I haven't had a chance to read the logs on those, but it does pretty well. It speaks to the complexity of the firewall. It is hard to assess information on it because there is just a lot of data. You need to be really good at keeping up with the logs and turning on all the alerts. Then, you need to have the time to dig through those because it could be blocking something, which it will tell you.

I haven't read the NSS Labs Test Report from July 2019 about Palo Alto NGFW, but it sounds interesting. Though it is a little bit of snake oil, because the worst attacks that we had last year were purely done through social engineering and email. I feel like this is an attack vector that the firewall can't totally block. So, before you put something in, like Palo Alto Firewalls, you need to have your security policy in place first.

I would rate this solution as eight out of 10. Technically, it is a good solution, but for usability and practicality, I would take points off for that.

We partner with vendors primarily to foster better understanding and relationships. Our core business is system integration, where we cater to diverse customer requirements. A customer might approach us with a specific need, and we deliver. A product like Palo Alto's XDR or EDR endpoint protection is popular due to its features, but ultimately, the choice depends on individual customer requirements, including extra services or integrations. We currently have around six customers using Palo Alto.

Aside from the usual content filtering and application filtering, the primary driving force for Palo Alto Networks NG Firewalls has been the SD-WAN. Additionally, ADR has also been a significant factor. All our clients also use Palo Alto as their firewall solution.

Palo Alto NG Firewalls offer a comprehensive platform that consolidates all security features, making them the preferred choice for our clients implementing SD-WAN and ADR solutions due to their integrated threat management capabilities.

Palo Alto NG Firewalls' embedding of machine learning into the firewall's core is crucial. They provide a cloud-based sandbox platform, enabling offloading of numerous tasks and offering AI-powered solutions to detect advanced or new threats. Palo Alto's methods for achieving this are impressive.

Some of the benefits our clients have seen using Palo Alto NG Firewalls include rapid deployment to their branches thanks to SD-WAN, improved control over branch networks, and enhanced overall environmental protection. It's important to remember that firewall security is product-dependent, and attackers often target widely deployed products for maximum impact. This explains the prevalence of attacks on popular firewalls like FortiGate and Checkpoint. Interestingly, Palo Alto is not as frequently targeted because attackers seek large-scale impact, making niche platforms like Palo Alto less appealing. Staying on a less common platform can offer a security advantage by attracting less unwanted attention from potential attackers.

Palo Alto NG Firewalls help secure our data centers across all workplaces. We also leverage a cloud platform for edge security.

Palo Alto NG Firewalls help reduce our clients' downtime. They are rarely attacked, and their uptime is over 99 percent.

Our clients find the most valuable features in Palo Alto Networks NG Firewalls to be the user-friendly interface, extensive capabilities, and highly granular rule creation process. This level of granularity allows for precise control and customization in network security policies.

Some of our clients find the price of the NG Firewalls to be expensive.

The UI needs to be more user-friendly to attract novice users.

I have been using Palo Alto Networks NG Firewalls for four years.

I would rate the stability of Palo Alto Networks NG Firewalls nine out of ten.

The entry-level Palo Alto Networks NG Firewalls lack scalability, but their higher-end counterparts offer this feature. Overall, I would rate their scalability a six out of ten.

The Palo Alto support is excellent.

Positive

The initial deployment is straightforward for technical people. The number of people required for deployment depends on the environment, but one or two people are usually sufficient. For example, in a branch scenario, one person might handle the headquarters while the other visits the branches. However, even at headquarters, there could be more than one person depending on the customer's services, enabling them to collaborate on creating rules, modifying requirements, or gathering information while someone else focuses on the deployments.

Usually, our clients see a return on investment after the first year of deployment.

I find the pricing of Palo Alto Networks NG Firewalls to be reasonable. The price is based on that selected package, with the lowest starting at $3,000 annually.

I would rate Palo Alto Networks NG Firewalls nine out of ten.

I would recommend Palo Alto Networks NG Firewalls, but it ultimately comes down to the organization's needs. Some organizations are almost entirely cloud-based, while others rely on the Internet for a few specific tasks and may have on-premises processing or branch offices. The ideal firewall solution varies depending on the specific environment and use cases; a firewall that performs well for one organization might not be the best fit for another.

The primary reason people opt for cloud or hybrid solutions is to manage workloads or services already operating in the cloud. This trend extends to Palo Alto Networks NG Firewalls, where the cloud versions are gaining popularity. However, many users prefer the on-premise version of the firewalls to safeguard their on-premise infrastructure. This may involve physical or virtual appliances as long as they remain on-premise and not in the cloud.

Other than updates, Palo Alto Networks NG Firewalls rarely require physical maintenance because most data centers are clean.

Palo Alto Networks NG Firewalls are excellent firewalls but require technical expertise and dedicated resources for deployment. However, with technical know-how, they are easy to configure and deploy and offer flexibility for adaptation to various environments. We highly recommend them for SD-WANs and VPNs due to their high compatibility.

The tool's most valuable features are its security features, which are highly valued based on market standards and Gartner reports. We conducted a POC before procuring it, and from that perspective, it is very good. The machine learning feature helps prevent more threats, but no device or firewall can be 100 percent secure because threats evolve daily.

We use geofencing in our firewalls to prevent unknown attacks from other countries. The solution stops these attacks in the cloud so they don't reach my firewall. Only allowed countries can access it.

The solution provides a unified platform that natively integrates with other security platforms. It is a must as a compliance requirement and aligns with standard security best practices. The platform also helps to prevent security holes by 70-80 percent. 

We have implemented the Zero-Delay Signature feature. It is important to prevent unwanted network penetration and information theft, so having it in the firewall at the gateway level is mandatory. 

The setup was complex. We have perimeter firewalls and multiple voice devices handling calls. Directing traffic through gateway perimeter firewalls becomes quite complex in such a scenario. The implementation took around two months and required three to four people for deployment.

I have been working with the product for four years. 

Palo Alto Networks NG Firewalls' stability is very good. 

Based on our expected growth, we have some buffer and procured a model that offers an additional 10-20% capacity. Around 1,500 people in our company use it, and two to three administrators manage it around the clock. Currently, we have no plans to increase usage.

The technical support is very good. We log a call and get a response within five to ten minutes. If there is any critical issue, they get on a call and resolve it. We opt for OEM direct support. It depends on whether an integrator will assist us or we must log in through the portal. 

Positive

I decided to switch from FortiGate to Palo Alto Network NG Firewalls because we found that it performs better regarding security standards. It's considered an industry standard.

A system integrator helped us with the implementation. 

Cost-wise, I don't see much difference in network-related costs, but this is a premium-grade firewall. There is a cost involved, and you must pay for that to get the most out of it. Its licensing costs are straightforward. There aren't any hidden costs. 

I need to check DNS security with Palo Alto Firewalls. I set it up initially, but my team manages it daily. I approve any changes, but my team handles the hands-on work. I can't say all tools will be integrated, but other tools might also be needed based on our business and use cases. This alone might not suffice.

Network performance is okay but not great because multiple hops are involved. Each tool, like an endpoint with antivirus, scans the traffic before it moves to the firewall, which also scans it before sending it out. So, there will be some performance regulation. We cannot expect 100% performance in any network once you have any firewall with all the built-in security features implemented.

When I recommend the tool to others, I first check their business needs and understand what they're looking for. If they're focused on security posture and are ready to invest, I'd recommend Palo Alto Networks NG Firewalls. But if they want something cheap, I'd suggest options like FortiGate or SonicWall. Also, I'd check if they have the in-house skills to manage it day-to-day.

I'm familiar with the PA-400 series of Palo Alto Networks NG Firewalls. It's good for small offices, and we use the same series in one of our branch offices. 

I've learned that using this solution is a continuous learning process. Every day, I analyze and evaluate the differences between each product to see if it meets our business requirements and is cost-effective. I rate it a ten out of ten.